Commit Graph

26634 Commits

Author SHA1 Message Date
Evgenii Stepanov f38ae34bbc Merge "Don't disable all sanitizers in liblog, just asan." 2017-01-24 23:00:54 +00:00
Vijay Venkatraman 897bc9b2b3 Merge "Exporting C headers from system/core" 2017-01-24 22:43:32 +00:00
Treehugger Robot d945f27cd6 Merge "fs_mgr: fix clang static analyzer warning" 2017-01-24 20:58:19 +00:00
Evgenii Stepanov ffdabdc6f2 Don't disable all sanitizers in liblog, just asan.
ASan runtime library depends on liblog, so we have to disable ASan,
but nothing else.

Bug: 33091541
Test: SANITIZE_TARGET=address keeps working
Change-Id: I6e22925b7f1d5ec86fe1bd8c00dba4c3e86ddf3f
2017-01-24 12:57:23 -08:00
Dimitry Ivanov 17767caed9 Merge "Revert "New protocol for property_service"" 2017-01-24 20:00:44 +00:00
Vijay Venkatraman 5fe1cebe7c Merge "Replaced include log/logger.h with log/log.h in debuggerd" 2017-01-24 19:07:30 +00:00
Dimitry Ivanov 70c4ecf2b5 Revert "New protocol for property_service"
This reverts commit dee4bd236b.
Bug: http://b/33926793
Bug: http://b/34670529

Change-Id: Ife3a5a471ee29cb12c2c41efef885ba40b8970e6
2017-01-24 18:38:09 +00:00
Treehugger Robot 9fd1190790 Merge "Allow tkill" 2017-01-24 04:31:26 +00:00
Vijay Venkatraman a95acea5bf Replaced include log/logger.h with log/log.h in debuggerd
Test: Compile debuggerd
Change-Id: I33d12708993bd6818907b8cbb0a7a40672ad320d
2017-01-23 20:11:51 -08:00
Treehugger Robot 1b3350e4ca Merge "Allow restart_syscall" 2017-01-24 04:08:48 +00:00
Treehugger Robot 571cd23fa8 Merge "init: add ro.boot.init_rc" 2017-01-24 03:59:13 +00:00
Dimitry Ivanov 038b8f086f Merge "New protocol for property_service" 2017-01-24 02:54:34 +00:00
Josh Gao a2fd28ee06 Merge changes I8b3e8a3b,I4976abef,I31dadb9c
* changes:
  tombstoned: silence spurious error messages.
  Actually don't start tombstoned until /data is mounted.
  debuggerd_handler: add SIGSYS to the list of handled signals.
2017-01-24 02:27:20 +00:00
Colin Cross 2e253cbcc6 Allow tkill
tkill and tgkill are syscalls that do not have glibc wrappers, but
they are required in order to send a signal to a specific thread.
Non-android software may call them directly with syscall().  Bionic
provides a wrapper for tgkill, so seccomp allows it, but not for
tkill.  Add tkill to the whitelist.

This can be reproduced with:
sleep 1000 & sleep 1 ; strace -p $!
then hit ctrl-C, and the shell will print "Bad system call" because
the strace process died with SIGSYS

Bug: 34586922
Test: repro case is fixed
Change-Id: Ib6962a967f2cc757f2906de7905e75e1b6d6f39f
2017-01-23 17:10:51 -08:00
Colin Cross 47afc6b64e Allow restart_syscall
restart_syscall is used by the kernel whenever a syscall with a
timeout is interrupted.  Whitelist it in seccomp to prevent
processes being killed with SIGSYS when being ptraced.

Bug: 34586922
Test: hwui_unit_tests
Change-Id: Ic47dcad33f3082eb5673c3c67fe17200d4daaf74
2017-01-23 17:05:01 -08:00
Josh Gao 8498016b81 tombstoned: silence spurious error messages.
Bug: none
Test: booted after deleting /data/tombstones/*
Test: crasher creates a tombstone
Change-Id: I8b3e8a3b521952412ebc955b2437bf8150220c16
2017-01-23 16:01:14 -08:00
Josh Gao 0ad5107e51 Actually don't start tombstoned until /data is mounted.
Bug: http://b/34461270
Test: boot is actually faster
Test: tombstoned still started by init
Change-Id: I4976abef108bbb6fad264f9b68cbc1fba711085b
2017-01-23 16:01:14 -08:00
Josh Gao 4decbe0d6c debuggerd_handler: add SIGSYS to the list of handled signals.
Bug: http://b/34586922
Test: kill -SYS $$
Change-Id: I31dadb9c65141d0c5556cc7256439e0a8d1519ab
2017-01-23 16:01:14 -08:00
Dimitry Ivanov dee4bd236b New protocol for property_service
New protocol assumes that there is no limit on name or value
and effectively removed limit on property name length.

It also send back a uint32_t with error code (or 0 on success)

Bug: http://b/33926793
Test: mm, boot, run bionic-unit-tests --gtest_filter=prop*
Change-Id: Iac6290398ddc495e03f8fbbc3a79e923eff5df6f
2017-01-23 15:30:05 -08:00
Treehugger Robot d965fbfc9a Merge "logcat: test: inject messages if necessary for tail test requirements" 2017-01-23 23:11:56 +00:00
Josh Gao 90e05f68e2 Merge "debuggerd_handler: properly crash when PR_GET_DUMPABLE is 0." 2017-01-23 22:30:56 +00:00
Josh Gao fca7ca3585 debuggerd_handler: properly crash when PR_GET_DUMPABLE is 0.
Actually exit when receiving a signal via kill(2) or raise(2) and
PR_GET_DUMPABLE is 0.

Bug: none
Test: /data/nativetest/debuggerd_test/debuggerd_test32
Test: /data/nativetest64/bionic-unit-tests/bionic-unit-tests --gtest_filter=pthread_DeathTest.pthread_mutex_lock_null_64
Change-Id: I833a2a34238129237bd9f953959ebda51d8d04d7
2017-01-23 14:13:36 -08:00
Mark Salyzyn 15e585853f logcat: test: inject messages if necessary for tail test requirements
For the gTests logcat.tz, logcat.tail_3, logcat.tail_10,
logcat.tail_100, logcat.tail_1000 and logcat.tail_time tests inject
messages if we come up short should the background logging not be
sufficient to feed the test requirements.  Test frames run the
tests right after reboot requiring injection.  Will have radio
silence, so we also add kernel logs if available to help add to the
background logging activity level.

We also will inject a radio message for logcat.buckets so that test
can survive no radio content.

Test: set device to airplane mode (to stress this problem) then:
      adb logcat -b all -c && adb shell su root \
          /data/nativetest/logcat-unit-tests/logcat-unit-tests \
          --gtest_filter=logcat.tail_1000 (or others in this set)
Bug: 34454772
Change-Id: I5ec246552f3ab1fc9c5864ed69d63b851fdf538d
2017-01-23 13:33:02 -08:00
Josh Gao 400973fa88 Merge changes Iacaa796f,I7549f674,Ic9d70880,I96cb09b7,I5c2658a8
* changes:
  crash_dump: set a watchdog timer.
  crash_dump: switch to PTRACE_SEIZE.
  crash_dump: clear the default crash handlers.
  crash_dump: remove extra log.
  debuggerd_handler: actually wait for pseudothread to exit.
2017-01-23 20:43:05 +00:00
Josh Gao 7c6e3133f5 crash_dump: set a watchdog timer.
PTRACE_DETACH is only necessary if the process is in group-stop state,
the tracer exiting is sufficient to detach and resume tracees.

Using this, set a 5 second timer with alarm(2) that just kills us, to
avoid leaving processes stopped.

Bug: http://b/34472671
Test: debuggerd_test
Test: crasher + manually inserting a 10 second sleep into crash_dump
Change-Id: Iacaa796f79037aa1585f3f2159abe45ef0069311
2017-01-23 11:39:31 -08:00
Josh Gao 122479f4a0 crash_dump: switch to PTRACE_SEIZE.
ptrace(PTRACE_ATTACH) does not immediately put the traced process in a
stopped state. If we manage to call PTRACE_CONT on it before it
finishes, we'll fail. Switch to using PTRACE_SEIZE and PTRACE_INTERRUPT
to guarantee that the target stops immediately.

This also has the advantage of never putting the process in group-stop
state, which means if we exit prematurely (e.g. if we crash during
stack unwinding), the target process will be resumed without any
intervention needed.

Bug: http://b/34472671
Test: while true; do debuggerd -b `pidof audioserver`; done
Change-Id: I7549f67489646cf300b8c9aa8c735e5e897806ef
2017-01-23 11:34:49 -08:00
Josh Gao 575941115e crash_dump: clear the default crash handlers.
crash_dump is a dynamic executable that gets the default crash dumping
handlers set by the linker. Turn them off to prevent crash_dump from
dumping itself.

Bug: http://b/34472671
Test: inserted an abort into crash_dump
Change-Id: Ic9d708805ad47afbb2a9ff37e2ca059f23f421de
2017-01-23 11:34:49 -08:00
Josh Gao d20d687de5 crash_dump: remove extra log.
We're already aborting via LOG(FATAL), there's no reason to log again.

Bug: none
Test: mma
Change-Id: I96cb09b716b19381d6a6931048827ef45f87170b
2017-01-23 11:34:49 -08:00
Josh Gao b64dd85c94 debuggerd_handler: actually wait for pseudothread to exit.
Occasionally, the pseudothread wouldn't exit in time after unlocking
the mutex to get crash_dump to proceed, resulting in spurious error
messages. Instead of using a mutex to emulate pthread_join, just
implement it correctly.

Bug: http://b/34472671
Test: debuggerd_test
Change-Id: I5c2658a84e9407ed8cc0ef2ad0fb648c388b7ad1
2017-01-23 11:34:49 -08:00
Mark Salyzyn 13c15e05d0 Merge "logcat: do not report security buffer errors" 2017-01-23 15:25:04 +00:00
Vijay Venkatraman 3c6763ca21 Exporting C headers from system/core
Moved headers from include/libcutils and include/liblog to
libcutils/include and liblog/include respectively, so they can be
exported via these libs. They needed to be moved since Soong does
not allow export from external folder.

Added symlink from old locations. They are needed since Soong
includes system/core/include by default. Once all modules are
cleaned up to explicitly add the required libs, the symlinks will be
removed.

Also added liblog_vndk_headers that exports a special log/log.h for
VNDK.

Moved headers of libcutils to libcutils_headers. They should be used
by modules for header-only inlines. Added libcutils_headers as
dependency of libcutils.

Added libcutils_vndk_headers that exports a special cutils/log.h
deprecating usage of the file. A later CL will deprecate the one in
libcutils_headers

Test: Add above libs to shared lib of local module
Change-Id: I6e1f9c5f23d8b6eae13dc3b7e5dfe7fae93b8510
2017-01-22 19:45:38 -08:00
Treehugger Robot 41ee55a875 Merge "adb: check for and report inotify_init1 failure." 2017-01-21 01:05:02 +00:00
Mark Salyzyn 26a1facfbf logcat: do not report security buffer errors
Do not report security buffer errors if not specifically
named in the buffer list.

Test: gTest logcat-unit-test --gtest_filter=logcat.security
Bug: 34511645
Change-Id: I028d51abad0329fcf42e467b135d035b06c1d2e3
2017-01-20 15:30:34 -08:00
Josh Gao fb9a7e5995 adb: check for and report inotify_init1 failure.
Bug: http://b/34396687
Test: mma
Change-Id: I55ea84db49017a6533ac54db5072e3e75ba30097
2017-01-20 15:26:00 -08:00
Treehugger Robot b479a5002e Merge "init: don't start tombstoned until /data is mounted." 2017-01-20 22:13:38 +00:00
Treehugger Robot b5e530f720 Merge "bootstat: Remove debug logging of bootstat_mtime_matches_content." 2017-01-20 21:46:56 +00:00
Josh Gao 42a0fed78b init: don't start tombstoned until /data is mounted.
When vold mounts the encrypted /data partition, it first checks for and
kills processes that have open fds to the tmpfs placeholder at /data.
This resulted in a 20 second boot-time regression (vold's timeout period)
when tombstoned was started before vold.

Bug: http://b/34461270
Test: boot is faster, no messages from vold in console spew
Test: tombstoned still started by init
Change-Id: Ib5e9ddb05f40c9da852f00e103861c6ff2d94888
2017-01-20 13:18:51 -08:00
Josh Gao ac0403b1e5 Merge "crash_dump: don't abort if we fail to attach a sibling." 2017-01-20 21:02:30 +00:00
Josh Gao 42fd74bd1f crash_dump: don't abort if we fail to attach a sibling.
A TOCTOU race can occur between listing threads and attaching them.
Don't abort and leave the process in a stopped state when this happens.

Bug: http://b/34472671
Test: while true; do debuggerd -b `pidof audioserver`; done
Change-Id: Ib1632c3423fddf506b5c7874223c82fada78a85e
2017-01-20 12:55:07 -08:00
Dave Weinstein c734a0a9ee Merge "Move the kptr_restrict setting from init.rc to init.cpp." 2017-01-20 20:24:10 +00:00
Treehugger Robot d289e36847 Merge "logd: test: switch to /data/backup/ for sepolicy avc injection" 2017-01-20 19:42:51 +00:00
James Hawkins a51b165c7a bootstat: Remove debug logging of bootstat_mtime_matches_content.
Bug: 34507152
Test: bootstat_tests
Change-Id: I97f84dd04eb44e6a5d00cf9a2f6b24a5b3e9297f
2017-01-20 11:20:36 -08:00
Mark Salyzyn 9d3722be72 Merge "liblog: BM_log_latency improvement" 2017-01-20 19:04:54 +00:00
Mark Salyzyn 142b43d4ab liblog: BM_log_latency improvement
This reduces BM_log_latency from ~300ns to ~100ns.  Because, well, we
read the clock earlier and that is what BM_log_latency tries to
measure.  The one major improvement in the switch from kernel logger
to user space logger was that we picked up the timestamp in the
context of the caller before doing anything else, but alas changes
over time neglected this fact and placed isloggable checking ahead
of this important fact.

Test: liblog_benchmarks, check results
Change-Id: I4bc9fc3cf8b1659e88417d967b1d0f3743f9e456
2017-01-20 17:53:27 +00:00
Mark Salyzyn c3c06294e5 logd: test: switch to /data/backup/ for sepolicy avc injection
Resolve issues seen on continuous testing frame:

- statistics test, info instead of fail on missing radio log data.
- sepolicy switch from /data/misc/logd/ to /data/backup/ as the
  directory we access(2) to inject sepolicy violations.  The key here
  is we are still root, but we are in u:r:shell:s0, and the directory
  does not provide us DAC access (0700 system system) so we trigger
  the pair dac_override and dac_read_search on every try to get past
  the message de-duper.  /data/misc/logd is not always there, until
  logpersist is enabled, but /data/backup is always there.
- a stricter signature of '): avc: denied'
- put in a looser threshold for sepolicy_rate_limiter_spam test.

Test: gTest logd-unit-tests --gtest_filter=logd.sepolicy*
Bug: 34454758
Change-Id: I28ce4fdb51dc4869944e3253b593ce222d16ec98
2017-01-20 09:42:02 -08:00
Dave Weinstein 44f7e4f421 Move the kptr_restrict setting from init.rc to init.cpp.
Also ensure that it uses the highest supported value, and
abort if the value is not above a minimum threshold.

Test: Tested against the curent kernel (maximum value of 2,
      set to 0 by the kernel initially) and against a
      modified kernel (maximum value of 4, set to 4 by the
      kernel initially)

Bug: 30368199
Change-Id: I608db577258b68b390ffe96f452e1f7c0bc9ad8a
2017-01-20 09:40:43 -08:00
Jin Qian 8b7eb7bb2a fs_mgr: fix clang static analyzer warning
Pointer from strdup is lost hence triggers mem leak warning from
clang, since ptr returned from basename may not point to start of
duplicated string any more.

Switch to use gnu version of basename which doesn't modify input
string so that strdup is no longer necessary.

Bug: 27126348
Test: compile

Change-Id: I937a68c01c223230932c932bffdd35da6503c3c4
2017-01-20 18:01:49 +08:00
Treehugger Robot 8dbab358f0 Merge "Load default/build props from each partition" 2017-01-20 03:58:52 +00:00
Treehugger Robot 18044da576 Merge "Fix a call to openat with incorrect arguments" 2017-01-19 23:58:22 +00:00
Treehugger Robot cfb8800e18 Merge "Enable seccomp in init with generated policy" 2017-01-19 23:26:10 +00:00